6 Replies Latest reply: Dec 17, 2005 11:34 AM by baltwo
dmcharg Level 1 (5 points)
Hi i am new to the Mac OS X platform having recently converted from XP. I have been reading around and getting familiar with the Mac and have recently been looking into keychain from a security perspective. On XP i used eWallet to hold sensitive data and from what i can gather it seems as though Keychain is a little similiar i.e allowing me to encrypt sensitive data. I have a few questions i would appreciate any advice on based on others experience/knowledge -

1. What info do you store in Keychain ? Passwords ? Bank Accounts/Pins ? Social Security No ? etc etc.
2. When i run a backup which currently backs up my home dir what file(s) do i need to backup for my keychain ?
3. Where can i find detailed documentation ?
4. If i wanted to store my Keychain on a USB key how do i do this ? Do i simply copy the Keychain file to my USB key ? I assume i can open this Keychain from another Mac but what about from a PC ?
5. When a keychain is open does that mean anyone can read it ? I assume the keychain file is always encrpyted ?

Any assistance much appreciated.

Cheers
David.

iMac G5 20, Mac OS X (10.4.3)
  • baltwo Level 9 (62,215 points)
    For the most part, your questions are answered in Keychain Access->Help.
  • dmcharg Level 1 (5 points)
    I've read all of the Keychain help available but i find it lacks detail.
  • baltwo Level 9 (62,215 points)
    I've read all of the Keychain help available but i find it lacks detail.

    Hmmmm! Let's look at some of your questions.

    1. What info do you store in Keychain?

    From About keychains: A keychain can store all your passwords for applications, servers, and websites; cryptographic keys and X509 certificates; or even sensitive information unrelated to your computer, such as credit card numbers or personal identification numbers (PINs) for bank accounts.

    5. When a keychain is open does that mean anyone can read it? I assume the keychain file is always encrpyted?

    From Storing sensitive information in your keychain: IMPORTANT: It's a good idea to leave "Always allow access to this item" unselected for most items in your keychain. This provides greater security for your information.

    If that's not detailed enough, then start doing your own searches. E.g., there's always:
    http://search.info.apple.com/?asq=&as_epq=keychain&as_oq=&as_eq=&btnG=Search&lr=langen&kword=&type=&Submit=Search

    or

    http://developer.apple.com/cgi-bin/search.pl?q=keychain&site=default_collection


    G4 450 MP Gigabit   Mac OS X (10.4.3)  
  • baltwo Level 9 (62,215 points)
  • dmcharg Level 1 (5 points)
    Thanks. I think your missing my point. My first question i ask what do you store in your Keychain ? Yes i've read apple's docs and it realize it says your can store passwords, credit card info, pins etc etc but i wanted to find out if in reality people trust it enough to store this kind of information ?

    As for your recommendation for searching, yup done that as well for many hours reading articles from many sites but i still felt as though some of my questions are not answered in enough detail plus i wanted to get some feel for how many people actually trust and use keychain.

    Cheers
    David.
  • baltwo Level 9 (62,215 points)
    I think your missing my point.

    I sure did. I didn't get that you were asking what other people were storing in their keychains. Sorry for not understanding. Personally, I only store passwords to websites that I visit.

    …I wanted to find out if in reality people trust it enough to store this kind of information?

    I suspect that's for each user to determine. Since my machine is a single-user one, in my home, I don't have the security concerns you or any other user might have. Apple provides optional protections that you can use via SysPrefs->Security: File Vault, require password to wake from sleep/screensaver, etc. One can also use Open Firmware password protection; see http://docs.info.apple.com/article.html?artnum=106482 for details.

    You have to decide for yourself what level of protection you want to use.

    HTH